Share This Page

As schools continue to find new ways to help enhance learning through technology, they must also ensure these efforts comply with federal laws designed to help protect the privacy of children and students.

More than half of K-12 students have access to a school-issued personal computing device, and many school districts have implemented an online curriculum. The workshop, to be held in Washington, D.C., will help provide additional guidance to schools, Ed Tech providers, parents, and other stakeholders.

The COPPA Rule, first issued in 2000, requires operators of websites and online services to obtain parental consent before collecting, using, or disclosing personal information from children under 13. FTC staff has provided guidance about the application of the Rule to schools including a determination that schools could act as intermediaries between Ed Tech providers and parents in the notice and consent process, or act as the parents’ agent for purposes of providing consent to providers.

Passed in 1974, FERPA is a federal law that protects the privacy of student education records. FERPA generally prohibits educational agencies and institutions from disclosing student education records without prior, written consent from a parent. The Department of Education issued guidance in 2014 explaining generally that this prohibition on disclosure does not preclude the use of educational technology in the classroom, provided the school follows the requirements of the “School Official Exception” to FERPA’s written consent requirement.

While both agencies have continued to provide additional guidance, questions remain about the intersection of COPPA and FERPA. To help promote discussion on these questions, the FTC and the Department of Education are inviting comments on a variety of questions including:

Are the joint requirements of FERPA and COPPA sufficiently understood when Ed Tech providers collect personal information from students?

Under what circumstances is it appropriate for a school to provide consent under COPPA and what is the process for properly obtaining the consent?

How should requirements concerning notice, deletion, and retention of records be handled and by whom and when?

COPPA and FERPA both limit the use of personal information collected from students by Ed Tech vendors. What are the appropriate limits on the use of this data?

How do schools maintain “direct control” over Ed Tech providers when they rely on the School Official Exception to FERPA’s general consent requirement?

The workshop, which is free and open to the public, will be held at the Constitution Center, 400 7th St., SW, Washington, DC. It will be webcast live on the FTC’s website. An agenda, directions to the Constitution Center building, and a list of speakers will be available in the near future on the event webpage.